Hear hear, another VPN bug. This time SonicWall VPN is in the crosshairs.
Researchers at Tripwire just revealed a critical security vulnerability in the SonicWall VPN portal that can be used to crash devices and prevent users from connecting to corporate resources.
And that’s not all: it could also open the door to remote code execution (RCE).
Tracked as CVE-2020-5135, this is a stack-based buffer overflow in the SonicWall Network Security Appliance (NSA).
According to Tripwire, the flaw exists within the HTTP/HTTPS service used for product management and SSL VPN remote access.
An unskilled attacker could trigger a persistent denial-of-service condition using an unauthenticated HTTP request involving a custom protocol handler.
Tripwire VERT, as they said in the blog post, “has also confirmed the ability to divert execution flow through stack corruption indicating that a code execution exploit is likely feasible. This flaw exists pre-authentication and within a component (SSLVPN) which is typically exposed to the public Internet. As of the date of discovery, a Shodan search for the affected HTTP server banner indicated 795,357 hosts”.
SonicWall has indicated that the following versions are vulnerable:
- SonicOS 6.5.4.7-79n and earlier
- SonicOS 6.5.1.11-4n and earlier
- SonicOS 6.0.5.3-93o and earlier
- SonicOSv 6.5.4.4-44v-21-794 and earlier
- SonicOS 7.0.0.0-1
Quick fix already out there
Fortunately, Tripwire's quick notification ensured that the fixes were already deployed when the announcement was made, and SonicWall has released updates to remediate this flaw.
But SSL VPN portals may be disconnected from the Internet as a temporary mitigation before the patch is applied.
SonicWall has indicated that the following versions include a fix for this issue:
- SonicOS 6.5.4.7-83n
- SonicOS 6.5.1.12-1n
- SonicOS 6.0.5.3-94o
- SonicOS 6.5.4.v-21s-987
- Gen 7 7.0.0.0-2 and onwards
This latest security advisory comes a few weeks after Pen Test Partners revealed that at least 500k organizations, more than 2 million user groups and something like 10 million devices could be at risk due to another SonicWall VPN vulnerability, and that it took 14 days to fix…
As we said, not a good time for VPNs…